Microsoft AD LDS supported for TMS & WebEx OnPremise

Hi,

I've got a customer who is thinking about implementing a WebEx onPremise solution. Besides other things, there is already a Cisco TMS & VCS environment for Video endpoints and Jabber Video for Telepresence. As this customer has a high security awareness, they don't want to have systems communicating with public networks to have access to their central authenticating system.

Therefore they are asking if it is possible to use Microsoft AD LDS instead of Microsoft Active Directory or some other LDAP service. As I couldn't find any useful information on this, perhaps there's someone here who could either tell me if that is supported or has something like this running with success.

Kind regards,

Christian Darley

Accepted Solutions

Terry Cheema
VIP Alumni

For CWMS on-prem you have below options:

1) Manage/Authenticate users locally

2) Use LDAP/LDS but through CUCM. This means CUCM needs to be integrated with AD first. CWMS then integrates for directory to CUCM.

Ref: http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_5/Administration_Guide/Administration_Guide/Administration_Guide_chapter_01101.html#task_DB0D271D6EB1459EB4DA269461E93B36

For configuring CUCM - AD LDS integration:

Ref: http://www.cisco.com/c/en/us/support/docs/voice-unified-communications/unified-communications-manager-version-80/111979-ucm-multi-forest-00.html

3) Third and the best option is SAML SSO.

This is the best option from all three from user experience and security perspective as well (at least SSO adds another layer between the AD and the user)

This functionality will let you do below:

auto account create

auto account update

SSO/Authentication

Ref: http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_5/Planning_Guide/Planning_Guide/Planning_Guide_chapter_01001.html#topic_3E0C669FED234015B187A02AAB5E0E6B

CWMS also uses its own reverse proxy for all access through internet as well. Refer to below:

http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_5/Planning_Guide/Planning_Guide/Planning_Guide_chapter_010.html#reference_5791517C7230406DAC9CE1E9D079F375

-Terry

Please rate all helpful posts

Thank you Terry,

that clears the WebEx part. Hopefully someone knows for TMS as well.

Christian

Could still use an answer to if AD LDS will work with TMS. That is still an unknown and an issue I am running into today.